---
- name: Get admin ticket
  delegate_to: "{{ ipa_server }}"
  shell: echo "{{ipa_admin_password}}" | kinit admin
  check_mode: no
  changed_when: "1 != 1"
  tags:
  - config
  - krb5


- name: Create servicedelegationtarget entry
  delegate_to: "{{ ipa_server }}"
  command: ipa servicedelegationtarget-add {{targetname}}-delegation-targets
  register: add_result
  check_mode: no
  changed_when: "'Added service delegation target' in add_result.stdout"
  failed_when: "not ('Added service delegation target' in add_result.stdout or 'already exists' in add_result.stderr)"
  tags:
  - config
  - krb5

- name: Add servicedelegationtarget members
  delegate_to: "{{ ipa_server }}"
  command: ipa servicedelegationtarget-add-member {{targetname}}-delegation-targets --principals={{item.service}}/{{item.host}}@{{ipa_realm}}
  loop: "{{ members }}"
  register: add_member_result
  check_mode: no
  changed_when: "'Number of members added 1' in add_member_result.stdout"
  failed_when: "not ('Number of members added 1' in add_member_result.stdout or 'Number of members added 0' in add_member_result.stdout)"
  tags:
  - config
  - krb5

- name: Destroy admin ticket
  delegate_to: "{{ ipa_server }}"
  command: kdestroy -A
  tags:
  - config
  - krb5
